Password sync is an extension to the Directory Sync Scenario. With directory sync, you can manage the entire lifecycle of your cloud user and group accounts using your on- premise Active Directory management tools.

When password sync is enabled on your directory sync computer, your users will be able to sign into Microsoft cloud services, such as Office 365, Dynamics CRM, and Windows InTune, using the same password as they use when logging into your on-premises network. When your users change their passwords in your corporate network, those changes are synchronized to the cloud.

Reference: Directory Sync with Password Sync Scenario’

URL: http://technet.microsoft.com/en-us/library/dn441214.aspx

QUESTION 23

You administer a virtual machine (VM) that is deployed to Azure. You configure a rule to generate an alert when the average availability of a web service on your VM drops below 95 percent for 15 minutes.

The development team schedules a one-hour maintenance period.

You have the following requirements:

No alerts are created during the maintenance period. Alerts can be restored when the maintenance is complete.

You want to achieve this goal by using the least amount of administrative effort.

What should you do from the Management Portal?

A.

Select and disable the rule from the Dashboard page of the virtual machine.

B.

Select and delete the rule from the Configure page of the virtual machine.

C.

Select and disable the rule from the Monitor page of the virtual machine.

D.

Select and disable the rule on the Configure page of the virtual machine.

Correct Answer: C

Explanation:

Example:

Virtual Machines

You can configure virtual machine alert rules on:

Monitoring metrics from the virtual machine host operating system

Web endpoint status metrics

Reference: Understanding Monitoring Alerts and Notifications in Azure

QUESTION 24

You administer a solution deployed to a virtual machine (VM) in Azure. The VM hosts a web service that is used by several applications. You are located in the US West region and have a worldwide user base.

Developers in Asia report that they experience significant delays when they execute the services.

You need to verify application performance from different locations.

Which type of monitoring should you configure?

A.

Disk Read

B.

Endpoint

C.

Network Out

D.

CPU

E.

Average Response Time

Correct Answer: B

Explanation:

The question states: “You need to verify application performance from different locations”. The question is not asking you to determine WHY the application is slow, it’s asking you to `measure’ the performance from different locations. Endpoint Monitoring monitors your server with HTTP Get requests from locations that you choose.

Blobs that benefit the most from Azure CDN caching are those that are accessed frequently during their time-to-live (TTL) period. A blob stays in the cache for the TTL period and then is refreshed by the blob service after that time is elapsed. Then the process repeats.

You manage a cloud service that hosts a customer-facing application. The application allows users to upload images and create collages. The cloud service is running in two medium instances and utilizes Azure Queue storage for image processing. The storage account is configured to be locally redundant.

The sales department plans to send a newsletter to potential clients. As a result, you expect a significant increase in global traffic.

You need to recommend a solution that meets the following requirements:

Configure the cloud service to ensure the application is responsive to the traffic increase.

Minimize hosting and administration costs.

What are two possible ways to achieve this goal? Each correct answer presents a complete solution.

A.

Configure the cloud service to run in two Large instances.

B.

Configure the cloud service to auto-scale to three instances when processor utilization is above 80%.

C.

Configure the storage account to be geo-redundant

D.

Deploy a new cloud service in a separate data center. Use Azure Traffic Manager to load balance traffic between the cloud services.

E.

Configure the cloud service to auto-scale when the queue exceeds 1000 entries per machine.

Correct Answer: BE

Explanation:

* An autoscaling solution reduces the amount of manual work involved in dynamically scaling an application. It can do this in two different ways: either preemptively by setting constraints on the number of role instances based on a timetable, or reactively by adjusting the number of role instances in response to some counter(s) or measurement(s) that you can collect from your application or from the Azure environment.

Reference: Autoscaling and Microsoft Azure

QUESTION 29

DRAG DROP

You publish a multi-tenant application named MyApp to Azure Active Directory (Azure AD).

You need to ensure that only directory administrators from the other organizations can access MyApp’s web API.

How should you configure MyApp’s manifest JSON file?

To answer, drag the appropriate PowerShell command to the correct location in the application’s manifest JSON file. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Correct Answer:

QUESTION 30

You publish an application named MyApp to Azure Active Directory (Azure AD). You grant access to the web APIs through OAuth 2.0.

MyApp is generating numerous user consent prompts.

You need to reduce the amount of user consent prompts.

What should you do?

A.

Enable Multi-resource refresh tokens.

B.

Enable WS-federation access tokens.

C.

Configure the Open Web Interface for .NET.

D.

Configure SAML 2.0.

Correct Answer: A

Explanation:

When using the Authorization Code Grant Flow, you can configure the client to call multiple resources. Typically, this would require a call to the authorization endpoint for each target service. To avoid multiple calls and multiple user consent prompts, and reduce the number of refresh tokens the client needs to cache, Azure Active Directory (Azure AD) has implemented multi-resource refresh tokens. This feature allows you to use a single refresh token to request access tokens for multiple resources.